According to Forrester’s Stephen Mann, the increasing ubiquity of mobile devices in enterprise environments is facilitating this trend. A joint Booz Allen/Buddy Media study found that 57% of businesses surveyed plan to increase social media spending.

The study also showed that 38% of CEOs perceive social media as a high priority. These statistics point to increasingly mercantile applications of this mode of social expression, communication and bonding – social media is maturing as a business tool.

Below are two social business trends that offer attractive competitive and financial returns for a variety of attackers focused on mobile devices.

Convergence Emergence

According to Armano, merchants are developing creative ways to integrate social media with their product/service offerings. He cites a 2011 Domino’s pizza marketing campaign that posted customer feedback from social media on an electronic ticker in Times Square as an example where virtual interactions were translated to real-world presentations. This campaign led to a double-digit increase in sales and a refinement of their brand image.

The use of social media by merchants to promote the perception of their brand could be targeted by hacktivists with a social agenda, or by hackers with financial goals. Over the holidays, I witnessed demonstrators picketing a major pet product retailer and protesting their alleged mistreatment of animals.

If hackers aligned themselves with these protesters, they could launch social media campaigns designed to influence the perception of that chain. This trend also has privacy implications for consumers.

The market penetration enabled by commercial convergence is enhanced by the increasing influx of personal devices into the enterprise. According to Contos, “There will be more demand from both technical and business users wanting to bring their own devices, whether or not the company has authorized their use.”

As was the case with one of my clients, uncontrolled connections between the corporate network and personal devices may provide an internal attack surface to cyber miscreants. Device management systems such as the McAfee Enterprise Mobility Management solution may help control the touch-points between these devices and organizational assets.

Gamification

“Game-like qualities,” says Armano, “are emerging within a number of social apps in your browser or mobile device.” Businessweek’s Rachael King authored an article discussing the use of games to train employees and improve the quality and effectiveness of their work experiences.

“The trend, known as gamification, lets businesses weave elements of games into applications that otherwise have little to do with playing,” writes King.

According to a Gartner study, the goals of gamification are to “achieve higher levels of engagement, change behaviors and stimulate innovation.” This study highlighted the engagement drivers that impact the perspectives and choices made by the participants.

These drivers rely on a reliable feedback mechanism consistent with game rules that reflect the corporate mission. Given the consumerization of IT, the application infrastructure that enables these games will support mobile devices.

The introduction of software applications to “gamify” business may lead to attacks targeting feedback mechanisms and the game rules. Imagine a worm that alters the rules of a training game or changes the way individuals are ranked.

A more discreet attacker may design an application to gather information on the “gamified” business functions to inform a social engineering attack. For example, the game activity and rankings of key staff could be used to customize phishing attacks that incorporate aspects of corporate games.

These trends are but a glimpse of the challenges that can only be tackled through hybrid solutions developed by business and technical professionals. My 2012 contributions to the @McAfeeBusiness feed and the Security Connected blog will explore the application of this strategy.

The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.